Category: Network and Security
2008-11-14 15:41:36
1. Download:
2. Prepare:
a) OpenSSL, gcc, libiconv
b) Group: sshd, User: sshd
c) PATH: /usr/local/bin, /usr/ccs/bin
3. Installation:
a) ./configure
b) make
c) make install
4. Building Chroot environment
a) mkdir /sftproot
b) cd /sftproot
c) mkdir dev
d) cd dev
e) mknod zero c 13 12; mknod null c 13 2
f) mkdir ../bin; cd ../bin
g) copy these commands to bin: cp, ls, mkdir, mv, rm, rmdir, sh, ldd
h) mkdir -p /sftproot/usr/lib /sftproot/usr/local/libexec
i) copy files to usr/lib: ld.so.1, libc.so.1, libdl.so.1, libgen.so.1, libmp.so.2, libnsl.so.1, libsocket.so.1
j) copy files to usr/local/libexec: sftp-server
k) try: chroot /sftproot /bin/sh
l) then run ldd on each copied command and on sftp-server, and copy every library it needs to /lib or /usr/lib inside the chroot:
PATH=/bin;export PATH
ldd /usr/local/libexec/sftp-server
libresolv.so.2 => (file not found)
libcrypto.so.
librt.so.1 => /usr/lib/librt.so.1
libz.so.1 => /usr/lib/libz.so.1 - wrong ELF class: ELFCLASS64
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libc.so.1 => /usr/lib/libc.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1
libaio.so.1 => /usr/lib/libaio.so.1
libmd.so.1 => /lib/libmd.so.1
libmp.so.2 => /lib/libmp.so.2
libscf.so.1 => /lib/libscf.so.1
libdoor.so.1 => /lib/libdoor.so.1
libuutil.so.1 => /lib/libuutil.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libm.so.2 => /lib/libm.so.2
The files shown in red should be copied to the correct place under the chroot, for example /sftproot/usr/lib.
m) Test: on a server try:
-bash-3.00$ sftp sftpuser
Connecting to
sftpuser password:
sftp> pwd
Remote working directory: /home/2
sftp> ls
.
..
sftp> exit
-bash-3.00$ sftp
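Step l) means reading ldd output line by line. The shell functions below are an added example, not part of the original post: they classify ldd output and print the copy commands a jail still needs. The function names, the constructed sample input (in the format shown above) and the choice to feed in ldd output taken on the host are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed sample, in the format of the ldd output shown in step l).
SAMPLE_LDD='    libresolv.so.2 =>   (file not found)
    libcrypto.so.
    libz.so.1 =>    /usr/lib/libz.so.1  - wrong ELF class: ELFCLASS64
    libc.so.1 =>    /usr/lib/libc.so.1
    libmd.so.1 =>   /lib/libmd.so.1'

# classify_ldd: read ldd output on stdin, print one verdict per library.
#   MISSING <name>   the loader could not find the library at all
#   BADCLASS <path>  a file was found, but its ELF class does not match the binary
#   OK <path>        resolved; the same path must exist inside the jail
classify_ldd() {
    awk '
        $2 != "=>"        { next }                        # truncated or non-mapping line
        /file not found/  { print "MISSING", $1; next }
        /wrong ELF class/ { print "BADCLASS", $3; next }
                          { print "OK", $3 }
    '
}

# jail_copy_plan JAIL: read ldd output on stdin and print the commands needed
# so every resolved library exists at the same path under JAIL (default: the
# /sftproot directory used in the post). Nothing is copied; the plan is only
# printed so it can be reviewed before running it as root.
jail_copy_plan() {
    jail=${1:-/sftproot}
    classify_ldd | while read -r verdict path; do
        case $verdict in
            OK)
                # Skip libraries that are already present in the jail.
                [ -e "$jail$path" ] || printf 'mkdir -p %s && cp -p %s %s\n' \
                    "$jail${path%/*}" "$path" "$jail$path"
                ;;
            *)
                # Copying cannot fix these; they need the right library first.
                printf '# unresolved (%s): %s\n' "$verdict" "$path"
                ;;
        esac
    done
}

# Demo on the constructed sample; on a real host use:
#   ldd /usr/local/libexec/sftp-server | jail_copy_plan /sftproot
printf '%s\n' "$SAMPLE_LDD" | jail_copy_plan /sftproot
```

Lines reported as unresolved have to be fixed on the host first (install the library, or the build with the matching ELF class) before anything is copied into the jail.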
5. Login without password
SSH supports key pair authentication, so we can log in without a password (same user name)
a) Generate a key pair on your host: private key & public key stored in ~/.ssh
ssh-keygen -t rsa
public key: ~/.ssh/id_rsa.pub
private key: ~/.ssh/id_rsa
b) Save the public key on the remote host, in the home directory of the user you want to log in as:
~/.ssh/authorized_keys